%0 Conference Proceedings
%T Embedded Eavesdropping on Java Card
%+ Laboratoire Traitement et Communication de l'Information (LTCI)
%+ Oberthur Technologies
%A Barbu, Guillaume
%A Giraud, Christophe
%A Guerin, Vincent
%Z Part 1: Attacks and Malicious Code
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 27th Information Security and Privacy Conference (SEC)
%C Heraklion, Greece
%Y Dimitris Gritzalis
%Y Steven Furnell
%Y Marianthi Theoharidou
%I Springer
%3 Information Security and Privacy Research
%V AICT-376
%P 37-48
%8 2012-06-04
%D 2012
%R 10.1007/978-3-642-30436-1_4
%K Fault Attack
%K Logical Attack
%K Combined Attack
%K APDU Buffer
%K Java Card
%Z Computer Science [cs]
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X In this article we present the first Combined Attack on a Java Card targeting the APDU buffer itself, thus threatening both the security of the platform and of the hosted applications as well as the privacy of the cardholder. We show that such an attack, which combines malicious application and fault injection, is achievable in practice on the latest release of the Java Card specifications by presenting several case studies taking advantage for instance of the well-known GlobalPlatform and (U)SIM Application ToolKit.
%G English
%2 https://hal.science/hal-00706186/document
%2 https://hal.science/hal-00706186/file/main.pdf
%L hal-00706186
%U https://hal.science/hal-00706186
%~ INSTITUT-TELECOM
%~ CNRS
%~ ENST
%~ TELECOM-PARISTECH
%~ PARISTECH
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-SEC
%~ IFIP-AICT-376
%~ LTCI
%~ INSTITUTS-TELECOM